The latest chapter in 'preventing the next Snowden'
A DISA project with Metalogix is aimed at dispensing with the kind of thumb drives that aided NSA contractor Edward Snowden's activities.
The large-scale leaks of former National Security Agency contractor Edward Snowden prompted Pentagon officials to rethink how the bureaucracy protects and segments information. Since then, the Defense Information Systems Agency, the defense agency for IT infrastructure, has looked for private-sector solutions to the insider threats. Thus opened up a potentially lucrative market for any company whose technology could make the next Snowden less likely.
DISA Director Lt. Gen. Ronnie Hawkins in May called for the defense industry’s help in leveraging cloud computing to analyze insider threats and better understand the movements and capabilities of government personnel. As of then, industry was involved in more than 60 percent of DISA’s cloud work and more than 80 percent of the agency’s telecom network, Hawkins estimated, appealing for more collaboration with contractors.
The latest step in DISA’s work with industry on insider threats is a project with Metalogix, a Washington, D.C.-based IT management firm. The "data guard" tool unveiled by the firm Jan. 20 is meant to obviate thumb drives or other manual means of transferring data between agency networks. (Snowden reportedly used a thumb drive to download classified information from an NSA facility in Hawaii). The tool can instantaneously replicate content in the military's classified (SIPRNet) and unclassified (NIPRnet) networks.
The technology is designed to take out the middleman in data transfer, Pat Park, regional vice president of public sector at Metalogix, said in an interview. As the product was developed, DISA put it through a series of security tests over the last year, he added.
The swift and relatively seamless transfer of data between networks could be especially important for American forces overseas, added retired Maj. Gen. Steve Smith, a security technology advisor to Metalogix. Those forces not only deal with SIPRNet and NIPRnet, but with the security network rules of their host nation, he pointed out.